Google's "reported attack site" nonsense could lead to a Firefox boycott

Certain pages on this site lead to a "reported attack site" warning for Firefox 3 users which is apparently a feature built into Firefox 3 and provided by Google. This is actually making me want to boycott Firefox because these kinds of cozy relationships is NOT what we want to see happen in the market. A single company taking it upon itself and its apparently flawed algorithms to decide which sites you shouldn't visit and doing it in such an obnoxious way. The ignore button is stuffed in a corner and a way of disabling this "feature" isn't at all obvious.

It is not only us web publishers who are complaining about this as our sites get labeled even when we don't feature any malicious content either posted by us or our users, but web site users themselves are complaining about the sites they usually visit and trust to be safe are suddenly labeled causing this obnoxious warning to display every time they visit it. Here is a thread on Mozilla forums with many such complaints, such as this one:

"I was curious to see what new Zippo lighter models are available, and I was shocked by the fact that the "Product" page at www.zippo.com can not be accesed due to the fact that Firefox 3 and Google "think" that http://www.zippo.com/Products/index.aspx is a "Reported Attack Site"."

And a few others:

"Great now my favorite college radio station is considered an "attack site" thanks to Google."

"My two domains have been diagnosed and said they didn't find anything yet firefox is still showing that phishing message. How could this be? Why is this happening? Now everyone in the world will never ever consider checking my website once they use firefox. this is just plain ridiculous."

"Well I have the same issue my site which is just a comic book website Iberianpress.com was waved as an attack site. What's worse is that after clicking on the link to see the problem, it said that there was nothing wrong with site that it was cleaned. Worst yet this is going to damage the sales of my new book because this is a critical pre order month for our new book."

"They seem to have blanket blocked anything at 'hometown.aol.co.uk'. That's messing with an awful lot of people."

And so on and on. It's clear that this thing could be causing more harm then good. If Google is gonna take it upon themselves to so obnoxiously label sites which supposedly offer malicious downloads then what are firewalls, antivirus programs and malware scanners for? Not to mention Linux users could care less for this "feature" since most malicious software doesn't affect them, yet as many of them are users of Firefox they get to be dealt this crap as well.

Given how disfunctional this is it should at best be merely a firefox extension, not an integrated feature enabled by default. How am I to continue supporting the growth of Firefox if they're gonna chalk it up to Google to control what sites we should visit? They're putting us in a position from which supporting Firefox is getting to be equal to supporting Google's further grip on the market. That's NOT making me happy.

What do you think? And if you have any suggestions for alternatives to Firefox (aside from IE), feel free to suggest.

Are you going to boycott IE as well. Site filtering is included in IE controlled by Microsoft.

Firefox has options to turn the filtering off.

Most browsers on the web have some form of site filtering.

Bewared some of these sites blocked contain malformed html so upset google spider using webkit engine to scan sites so got black listed. Now issue here is bigger than o my favorate site got black listed. Lot of sites built to standard don't work perfectly in IE so they use hacks.

Run away from firefox but that will not get away from Google. People forget about google releasing there own webbrowser and plugin into IE.

Well, like it or not, it works as it is supposed to. See, you all complain it is nonsense, but are you 100% sure those pages did not contain any hidden links or iframes that point to a malware site?
I mean, have you submitted those pages to a certified security expert, and he has confirmed there is nothing suspicious on them? NO? Oh... yeah, Google is bad, bad, bad

Google blocked one of the sites that I'm hosting, on my domain. I cursed Google and decided to check that site with an antivirus: it was clean. What came out at a closer inspection was interesting: some hidden iframes at the end of many HTML files, pointing to a domain distributing spyware.

I would have never discovered those problems without the help of Google.

I'm not sure how this "feature" is working, but from your story I take that this behavior is not limited to just searching pages through Google, but also by just visiting a site by typing its url.

If that is the case, stumbling upon a "reported attack site" is one of my least worries. What worries me way more is that it implies that all your movements on the web are being tracked by Google. That personally would scare the living hell out of me and would put an immediate end to my use of Firefox (or Iceweasel in my case).

I hope I just got it wrong and this "feature" only bugs you when using Google search. In that case, there are more than enough alternative search engines and still using Google these days and thinking that wont harm is just naive in my opinion.

In the beginning of the last century doctors prescribed coke and methamphetamines for a whole lot of things. It was only when the finally (and way to late) figured out the long term effects that they realized how bad the stuff was. The same ignorance can be seen by Google users. As long nothing goes catastrophically wrong, everybody keeps using it like a bunch of brainless dopefiends.

Well, like it or not, it works as it is supposed to. See, you all complain it is nonsense, but are you 100% sure those pages did not contain any hidden links or iframes that point to a malware site?
I mean, have you submitted those pages to a certified security expert, and he has confirmed there is nothing suspicious on them? NO? Oh... yeah, Google is bad, bad, bad

Google blocked one of the sites that I'm hosting, on my domain. I cursed Google and decided to check that site with an antivirus: it was clean. What came out at a closer inspection was interesting: some hidden iframes at the end of many HTML files, pointing to a domain distributing spyware.

I would have never discovered those problems without the help of Google.

+1

If you (referring to the original article writer) are prepared to go on a great big rant about how evil Google is, I also hope you're prepared to issue a full apology if it is found that you've been unwittingly serving up some potentially block-worth material. I know that the times I have seen this warning, it has been justified 100% of the time. And the ignore button is *hardly* buried.

Take a step back, don't take it personally and try to work out why your getting this message, your post just looks like a whine from yet another blog site.

I work for a good sized hosting company and see a fair share of these sites, usually because the clients we host have poor ftp passwords which are easily hackable and when said hack is complete there is a nice little iframe there redirecting you to a .cn site where a wonderful little trojan is awaiting you to become part of the peoples republic of botnetswana.
I cannot tell you how many of these I have seen and I can guarantee you that the complainers who want to access this site will indeed become part of the botnet that is waiting eagerly for them to hit that iframe in their ignorance, thinking that they are protected by the flimsy AV software on their windows box which provides little protection, and they just cannot understand for the life of them how 'that pesky little trojan found its was onto their box' as they cry to the friend or tech who is reformatting their drive.
I say, definitely open it up, that is to say bend over and open wide and let them enjoy their freedom to be abused.

This is likely what you will find with the majority of these things. There IS likely some kind of malware being served by these sites. The IFrame issue IS being done to valid/good sites and they are unknowingly distributing trojans and spyware.

It is NOT the content of the site that lands you one the list, it is the distribution of spyware.

Use Linux I use Ubuntu haven't touched Microsoft in couple years now ohh I have a single win 2003 standard server online for clients who want native vb.net support but thats like less than .01% of my client base I could delete the virtual server today and it would not be missed most my clients and myself included write most our code in C# or VB.NET which runs under Apache::ASP just fine it's only certain API calls to w32 mods that some clients need the stupid win server for but anyways to the authors point.. Yes I actually downgraded my Firefox version on my personal and office systems because of there stupid bull crap with google now but what are you going todo seriously? I mean I have personally scanned every single one Firefox 3.0.14 flagged and found nothing wrong with the content of the site it flagged. And trust me I know what I'm looking at no hidden jscripts no hidden iframes not a damm thing wrong with them was the final straw when my boss and two other co-workers started to tell me that our Zimbra Webmail was being flagged as a phishing web site by google (laugh)

Anyways turn off the filter or downgrade but I agree the Moz group made a bad choice deciding to intergrate googles bull crap into a perfectly good software package.. What ever happened to if it's not broke don't fix it ??

A lot of the sites tagged for this are those that don't use any ad filtering and end up frequently having advertisements pop up that load in trojans simply by connecting to the site. If anything, it provides motivation for the site owner to figure the problem out and fix it with some relative swiftness.

Well, like it or not, it works as it is supposed to. See, you all complain it is nonsense, but are you 100% sure those pages did not contain any hidden links or iframes that point to a malware site?
I mean, have you submitted those pages to a certified security expert, and he has confirmed there is nothing suspicious on them? NO? Oh... yeah, Google is bad, bad, bad

Google blocked one of the sites that I'm hosting, on my domain. I cursed Google and decided to check that site with an antivirus: it was clean. What came out at a closer inspection was interesting: some hidden iframes at the end of many HTML files, pointing to a domain distributing spyware.

I would have never discovered those problems without the help of Google.

+1

If you (referring to the original article writer) are prepared to go on a great big rant about how evil Google is, I also hope you're prepared to issue a full apology if it is found that you've been unwittingly serving up some potentially block-worth material. I know that the times I have seen this warning, it has been justified 100% of the time. And the ignore button is *hardly* buried.

Take a step back, don't take it personally and try to work out why your getting this message, your post just looks like a whine from yet another blog site.

Well, even if this feature of theirs works (alerting web masters to those iframes for instance) I still think it's not up to Google to impose it if neither web masters nor users like the way they're doing it. There has got to be less obnoxious ways.

I'm not necessarily saying Google is evil (haven't said that in my post), but everybody knows that they've grown incredibly big and widespread in many industries. So being vary to some extent is wise. It's known that Mozilla and Google have a business partnership about it being a default search engine in Firefox. It could be that embedding this feature is just another part of the deal. Now, just as many people didn't like the fact Windows came with Internet Explorer by default, should Firefox ever get majority market share, the same may apply to Google.

I'm not denying the rights of the two companies to partner up. I'm just saying that as customers we have our own interests and if something bothers us we're well to say it. That's how markets work.

Google probably doesn't track your movements via this service, the methods for doing that are already in place and widely accepted. What do you think all those cookies you accept from sites do? They report back to the cookie owners where you've been.

i mean...really what's worse having a system that gives false warning that you CAN circumvent or a system that allows you to go to the site without warning that may actually cause harmful material to be loaded onto your system that may be much more difficult to correct in the long run?

and i'm not quite sure i understand what the author gets at by saying "one company" is in charge of putting together the list...no matter how you slice it "one company" is going to need to host the data and ultimately be in control of the master list of sites to be blocked no matter how many people amend the list...

this kind of complaining doesn't get anyone anywhere it only further feeds the fire of people who want to tear down a good service because it doesn't exactly conform to their specific needs, maybe it's time to program your own phishing filter?

It is sad to see what has happened but in the end it is for the best. It will allow an effect of gnu/linux enthusiast to start looking for alternatives as well as creating and contributing. I switched to opera myself but am watching netsurf,midori and hv3 all of which are great alternatives.

I work for a good sized hosting company and see a fair share of these sites, usually because the clients we host have poor ftp passwords which are easily hackable and when said hack is complete there is a nice little iframe there redirecting you to a .cn site where a wonderful little trojan is awaiting you to become part of the peoples republic of botnetswana.

You freakin' moron. This is a Linux site -- no one here is going to become a part of a botnet by visiting a malicious site. I think this was one of the points the guy who wrote the article was making. Us Linux users do not *need* this pathetic blacklisting approach to security.

He's not a moron, believe me. Indeed, WE don't need this, but aren't WE the ones who are being paid money for making sure that those little defenseless Windows users don't get infected?
Ultimately, they all come to us complaining that a trojan says "Hi!" every time their machine boots, wasting our time and energy.

This "feature" of Firefox is useless to me as a user, but not as a sysadmin.

I work for a good sized hosting company and see a fair share of these sites, usually because the clients we host have poor ftp passwords which are easily hackable and when said hack is complete there is a nice little iframe there redirecting you to a .cn site where a wonderful little trojan is awaiting you to become part of the peoples republic of botnetswana.

You freakin' moron. This is a Linux site -- no one here is going to become a part of a botnet by visiting a malicious site. I think this was one of the points the guy who wrote the article was making. Us Linux users do not *need* this pathetic blacklisting approach to security.

I think an official boycott would once again raise the interest. With the direction that firefox is taking it might just have an effect on them to consider making changes and listening to it's user base. That is if enough folks join in on the boycott! Promote midori, netsurf, etc... and draw attraction to these projects. If all else fails projects such as those will get some needed attention.

how should they know why you boycott if you do. Have you tried the bugtracker at https://bugzilla.mozilla.org/ to voice your opinion? Then there is still time to boycott if that doesn't lead anywhere.

There might be false positives but personally I never experienced one. In fact from what I saw it can be quite helpful. Story was that a client had a dodgy webapplication with malicious iframes all over the place. Probably got their ftp passwords sniffed by a virus and someone modified the site . If that didn't work for the attacker he just had to try the backend with U:admin p:admin so it was just a matter of time IMO.

Many people don't know what they are doing on the net. They get paranoid when they don't lock their front door twice from the inside at night but they have no understanding about basic security principles or even the existence of malware. In general I applause the existence of such a function by default in firefox at least for people like my mother, The tech savy can always turn them off. Regarding the false positive - it would be great if they could be reduced but a lot is probably also just bad webdesign.

Why is no one mentioning the HOSTING COMPANIES ??? I am not technical guru so forgive me, but aren't the hosting company servers being compromised by these attacks .. I mean how else are these malware, iframes infecting websites ??? it's obviously through the host server ... right ?

Actually this helps people not to visit the attack site, i experience this on one of my site and when I investigate it, I found an iframe inserted on my site.. This iframe ha a site that distribute virus... I immediately clean the site and reported to google, and in a week the attack status was cleared. Though the status sometime appear on a site that is not infected with virus(a bug from google).